Friday, 18 May 2007

New type of Fake BlueMountain eCard

Here's a new type of fake eCard. Normally you can spot them a mile away, as they have links to exe/scr/pif files. when you hover your mouse of the link.

This one however, this one doesn't have any of the above type... just a genuine looking attach dll filename, which would make sense as it's an attachment:















However, if you do click on the link, you are asked to download a file called FlashPlayer_eCard.exe, which again you might think it okay... as the above email does suggest that you might have to use Macromedia Flash Plug-in.

But submitting the file to VirusTotal, well... not good:














Bancos family malware are usually password-stealing Trojans which can also downloads code.

No comments: